8bcf50ddb7b9111ab736330617fd4751ceb194ba915bd3165648103241d3c708[.]zip

General

Target

8bcf50ddb7b9111ab736330617fd4751ceb194ba915bd3165648103241d3c708.zip
Size

757KB
MD5

d16eed519329a2a74b097ea251e59990
SHA1

5da24751c5f214c9eeefe02d22ad5379606be753
SHA256

1430e08b3f8a163ea6d30a094c9cd870584b6fdc6388f09edb1366490ce4014c
SHA512

108fe44db5c5ad9b600b21d143e485436e04f1e2ecaccc1a584a6701c61b23dee05fcd1c65e39fad780fbc24442e0f0b9e4b96cf3a0664c90721649ed6ea725f
SSDEEP

12288:jpFkP3LoArf3TW7H0yc8SlG0qzHrTGmsiZFLdSUm+kPznO5hxQwtRCLNVRIA9Qf:tA7oArfDXkriMhQ+kbOzxxiLNVRs

Score

7^/10

vmprotect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
static1/unpack001/8bcf50ddb7b9111ab736330617fd4751ceb194ba915bd3165648103241d3c708.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8bcf50ddb7b9111ab736330617fd4751ceb194ba915bd3165648103241d3c708.exe

8bcf50ddb7b9111ab736330617fd4751ceb194ba915bd3165648103241d3c708.zip
.zip

Password: infected
8bcf50ddb7b9111ab736330617fd4751ceb194ba915bd3165648103241d3c708.exe
.exe windows x86

Password: infected

11cc54a9a29ceae337a5d3a9518624c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
GetLocalTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 720KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ